Comment on Selfhosting Sunday - What's up?
corsicanguppy@lemmy.ca 1 week agoA LOT of plugins in many projects are a huge concern. I say this as someone who ran security for an OS for a while. It’s just people making bad decisions for everyone and then hand-waving the risks when questioned.
jagged_circle@feddit.nl 1 week ago
I dont mean the plugins themselves but the fact that there’s no way to safely download a plugin.
Even if the plugin really is benign, jellyfin will happily download something inauthentic and malicious befuarse there’s no cryptographic signature checks